Joshua Wright didn't question the legitimacy of the threat AirMagnet Inc. warned of in a recent press release. It's the word the wireless security firm coined to describe it that bothered him.
Great, he thought, after all the phishing, phreaking and pharming, here was another piece of "ph" wordplay: phlooding. Wright and his comrades at the Bethesda, Md.-based SANS Internet Storm Center (ISC) had seen a lot of "ph" words cooked up by marketers to describe new threats. This latest attempt was more than they could stand.
"Our reaction was 'enough ph words,'" said Wright, deputy director of training at the SANS Institute and an ISC handler. "Whenever there's an event, marketers coin these new catch phrases. Sometimes the attention to the new word is more than the actual event warrants. We just reached a breaking point."
In this case, Sunnyvale, Calif.-based AirMagnet used "phlooding" to describe an attack where people in different locations saturate wireless access points with log-in requests using multiple password combinations, clogging a company's central authentication server. AirMagnet warned this could potentially interfere with broader network operations since many different users and applications often validate themselves against the same identity management server for e-mail access, database applications and other corporate uses.
Wright and his colleagues didn't dispute the legitimacy of AirMagnet's warning. In fact, Wright said in his ISC handler's diary, "While I question the motives behind coining another cutesy 'ph' name to describe this attack, it does accurately describe a vulnerability in 802.1x wireless network authentication. Since anyone can authenticate to the wireless network, it is possible to generate enough traffic such that it is detrimental to the authentication server."
Still, he said in a phone interview, "The attack they mention is probably isolated. But it will start getting a lot of attention because of the phlooding word." At this point, he said, the threat doesn't appear to be as grave as the word would suggest.
At the time of writing, AirMagnet had not returned a telephone request for comment.
Wright said vendors should "leverage the power of marketing judiciously." In some cases they can draw attention to serious threats that have gone unnoticed. Evil twin is a good example of that, he said. "That phrase brought attention to a problem that had been out there," he said. "But when you overplay an existing word like phishing it muddies the big picture. You see all these 'ph' words and it becomes harder to tell a serious threat from something overly hyped. It all starts to look like a marketing ploy."
To show the silliness that can ensue when "ph" wordplay goes too far, Wright used his handler's diary to start a little contest. He wrote, "In a pre-emptive strike to marketing bodies everywhere, we're seeking ph-word submissions phrom out phine readers…"
He laid out some rules: "Submissions have to be a word that starts with 'f.' There is one phour-letter word that would become a phive letter word that won't be on the list. We've been getting lots of submissions surrounding "phlatulence". This really isn't necessary. :)"
Hundreds upon hundreds of submissions flowed [or is it 'phlowed'?] in. Wright said the storm center posted the highlights, "and only the clean ones." The Web site has a full listing along with the names of those submitting them. But here's a sample of what came back:
- Phortune: What the phishers have after they empty out the bank accounts.
- Phork: What phishers use instead of chop-sticks.
- Phorgetful: What users are when asked if they clicked yes on the security warning to install that program from that really cool game site.
- Phorensics: The set of predefined and accepted procedures for pretending to analyze the phony bank e-mail forwarded to you by your friends and/or coworkers. ISC Note: This is not what handlers do!
- Pheature: An undocumented program perk or bug easily taken advantage of usually by someone halfway across the world.
- Philler: The extra words in a spam e-mail to convince the spam filters that this is a legitimate message, [but] that make absolutely no sense when read by a human. Example: "Classic coffee baby Venezuela doubles dock joined disk sunny verification bloating."
- Phorthcoming: What companies are [when they] helpfully store customer data and SSNs on externally accessible databases.
- Phedexed: What sometimes happens to backup tapes with highly sensitive data on it.
- Phlabbergasted: State of the CEO of a company to which happened either or both of the above.
- Pheds: Those called in to investigate.
- Phubar: A zero-day attack in which a computer bursts into phlames such that it is Phudged Up Beyond All Recognition.
- Phlaking: A network administrator's DOS caused by the previous night's drinking binge.
- Phudging: What the network admin does when his boss asks him why he is sleeping under his desk [see above].